This application contains subject matter protected by copyright. All rights reserved.
1. Technical Field
The present invention relates generally to network connection management and, in particular, to a flexible procedure for creating and managing persistent, secure connections to network directories and devices from a personal computer.
2. Description of the Related Art
It is known in the prior art to extend a network file system using a redirector. A known software redirector is the Server Message Block ("SMB") (a/k/a the Common Internet File System or "CIFS") redirector, which allows a user at a client machine to access various network devices located on servers in the network. Typically, such devices are of four (4) distinct types: file directories or drives, printers, modem/serial ports, and interprocess communication mechanisms (e.g., a named pipe). A user normally attaches to a given network device after he or she logs on to the network; conversely, the user normally detaches from a connected network device upon logoff, or upon logon as a different user.
In this conventional client-server network environment, certain key programs, such as persistent "services" and programmatic logon routines, typically cannot be located on network-attached drives. This is because logoff (as well as logon) on most or all network operating systems destroys all existing network connections (namely, the connections to network-attached drives, printers, named pipes and modems). In particular, logoff causes these programs to trap or fail, as the dynamic load libraries (dlls) and executable (.exe) files that are needed disappear with the lost network connection.
It is known in the art to provide so-called "persistent" connections in a network environment. Thus, for example, a remotely-booted computer (which may be diskless) often sets up a boot drive (e.g., via the IBM RIPL facility) as a persistent connection. This facility maintains a simple security context (e.g., typically, the machine name) but does not "remember" the user's logon data. Likewise, known network operating systems (e.g., Novell Netware) provide an anonymous persistent connection for accessing a logon program. Like the previous example, however, this technique does not provide a flexible security context. A "security context" generally refers to that information which is necessary to authenticate a user to a server. In a simple case, it may include a userid and password. In more complex schemes, a security context may include or be defined by certificates (obtained through public key security techniques), tickets, information provided through a key exchange, or the like.
Moreover, such known approaches do not address persistent connections in the context of intermittent, transient network problems, i.e. problems that do not necessarily sever the network connection but that might otherwise interfere with it at some lower signaling level. Further, the existing state-of-the-art does not address persistent connection management in a simple and flexible manner, nor does it provide support for all four (4) types of network attached devices, namely, drives, printers, modems and named pipes.
The present invention addresses these needs.
A network redirector is enhanced according to the present invention to provide a persistent connection management scheme exhibiting flexible security contexts, transparent reconnection upon transient network interruptions, simple setup and connection management, and support for all common network device types.
Persistent network connections created by the inventive mechanism survive logoff and persist across logon. A persistent connection is created when a network connection is established (or when an existing connection is modified) using a simple command line or GUI interface. Information supplied via the interface enables the mechanism to establish, dynamically, a different security context for each given persistent connection, and this security context is "flexible" in that it may differ from the user's logon id and password.
According to the invention, when a given connection to a network device is identified in a given manner as being persistent (e.g., by the setting of a "permanent" flag), several advantageous connectivity functions are provided. First, if the connection to the attached network device is severed, the invention reconnects that connection automatically with the appropriate security context. When the device becomes available, the user is not required to re-enter his or her userid and password, or to logon again. Second, if the connection to the attached device is interrupted transiently (but not severed), the user is reconnected to the network device transparently (i.e. without requiring the user to take any action). Finally, where the user initiates standard logoff processing (that would otherwise unmount the device), the network connection is intentionally bypassed to prevent disconnection.
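The three behaviors just described can be modeled as a small connection table. This is an added illustration, not code from the patent; the class names, the `recover` callback, the device names and the credentials are all hypothetical or constructed, and the split between re-authenticating a severed session and resuming an interrupted one is a modeling assumption.

```python
from dataclasses import dataclass

@dataclass
class SecurityContext:
    userid: str
    secret: str            # stands in for a password, ticket or certificate

@dataclass
class Connection:
    device: str            # constructed UNC-style name
    context: SecurityContext
    permanent: bool = False
    state: str = "connected"   # connected | interrupted | severed

class Redirector:
    """Hypothetical model of the connection table, not the patent's code."""
    def __init__(self):
        self.table = {}

    def attach(self, local, conn):
        self.table[local] = conn

    def logoff(self):
        # Standard logoff unmounts every connection except those flagged permanent.
        self.table = {k: c for k, c in self.table.items() if c.permanent}
        return sorted(self.table)

    def recover(self, local, server_accepts):
        # Called when the device is reachable again; never prompts the user.
        conn = self.table[local]
        if not conn.permanent:
            return False       # conventional connection: user must re-attach
        # Assumption: a severed session re-authenticates with the stored
        # context; a transient interruption resumes the existing session.
        if conn.state == "severed" and not server_accepts(conn.context):
            return False
        conn.state = "connected"
        return True

def demo():
    r = Redirector()
    r.attach("X:", Connection(r"\\srv1\tools", SecurityContext("svc_tools", "s3cret"), True))
    r.attach("Y:", Connection(r"\\srv1\home", SecurityContext("alice", "pw")))
    survivors = r.logoff()                 # only the permanent mapping remains
    r.table["X:"].state = "severed"
    ok = r.recover("X:", lambda ctx: ctx.userid == "svc_tools")
    return survivors, ok, r.table["X:"].state
```

In this model the per-connection security context, which may differ from the logon identity, stays in the table after logoff, which is the property the reconnection behavior depends on.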
Preferably, the inventive mechanism is implemented within or as an adjunct to a network redirector supported on a client machine in a network. The client machine has a processor for executing an operating system having a network redirector or support for a redirection mechanism.
The foregoing has outlined some of the more pertinent objects and features of the present invention. These objects should be construed to be merely illustrative of some of the more prominent features and applications of the invention. Many other beneficial results can be attained by applying the disclosed invention in a different manner or modifying the invention as will be described. Accordingly, other objects and a fuller understanding of the invention may be had by referring to the following Detailed Description of the Preferred Embodiment.